We are fully aware of the importance of the protection of personal data, which we protect according to the requirements arising from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.april 2016, the General Data Protection Regulation, or "GDPR", which is effective as of 25.may 2018.
- Company - OCRRUNNING.CZ, registered office Kozičín 58, Příbram, 26101, ID 45862711, e-mail: firstname.lastname@example.org, tel. +420 777 729 074;
- Subject - a natural person who enters into or is in a relationship with the Company and provides the Company with his/her personal data;
4.the Company is the data controller. The Company exclusively processes personal data obtained from Subjects.
5. The Company processes personal data to the extent necessary for the provision of a given service agreed with the Subject. They can be divided into two groups, namely personal data that can be processed without the Subject's consent and personal data that cannot be processed without consent.in the case of processing of personal data for which consent is not required, the establishment of a contractual relationship is never linked to the provision of consent.
6. The Company processes these personal data within the meaning of Art. 4 para. 1 GDPR:
- name and surname
- residential address
- electronic mail address (e-mail)
- bank account number
- telephone number
- ID number and VAT number
7. The Company processes the personal data referred to in point 6 of this Policy for the purpose of:
- performance of the contract pursuant to Art. 6 para. 1 lit. b) GDPR, to which the Subject is a party;
- fulfillment of a legal obligation applicable to
- the Company and arising from specific legislation;
- protection of the legitimate interests of the Company and the Subject arising from and related to the contractual relationship established between the Company and the Subject.
If the Subject refuses to disclose the Personal Data necessary for any of the above reasons, the Company cannot provide the relevant service or other performance for which the Personal Data is needed.
8.the Company keeps personal data only for the necessary period of time and archives them according to the legal deadlines imposed by the law. The Company processes personal data for the duration of the contractual relationship or other legal title that allows the processing of the Subject's personal data. The Company has set up strict internal rules to check that the data is held lawfully and that the Company does not hold data for longer than it is entitled to. After the loss of the legal reason, the Company deletes the relevant personal data.personal data processed by the Company with the Subject's consent shall be retained by the Company only for the duration of the purpose for which the consent was given.
9. We are assisted in the provision of our services by the following processors, whose operations comply with European data protection standards, while the processing of personal data by third parties is governed by their own terms of service. The Subject agrees that the Company may transfer the Subject's personal data to them for the purposes set out above if necessary to secure or ensure the performance of the Services:
- to the carrier, at the Subject's option on the Company's order form, when concluding a purchase contract by distance via the Company's online store, located at the Internet address: https://ocrrunning.cz, where the carrier may be
- DPD CZ s.r.o. Modletice 135, 25101 Říčany, ID: 61329266
- Zásilkovna s.r.o., Prague - Libeň, Drahobejlova 1019/27, Postal Code 190 00, ID No.: 28408306
- Česká Pošta, s.p. Political Prisoners 909/4, 22599 Prague 1, ID: 47114983
Personal data does not leave the territory of the European Union
10.no other processor will be involved in the processing without the Subject's consent or without the execution of a contract that binds the sub-processor to substantially similar obligations with respect to the processing of personal data to which the Company is bound.in the event that the Company intends to involve another processor in the processing, the Company shall inform the Subject. Any instructions to other processors will be in accordance with data protection legislation and this policy. The company will always ensure an appropriate selection of processors, in particular on the basis of guarantees to ensure technical and organisational protection
Personal data transmitted by the company.
11. The Company undertakes to ensure that other processors or persons involved in processing on behalf of the Company always meet a high standard of trust, in particular by concluding a contract for the processing of personal data.
PROCESSING OF DATA ON THE BASIS OF CONSENT
12.the Company may further process the Subject's data also if the Subject gives his/her informed, voluntary and informed consent within the meaning of Art. 6 para. 1 lit. a) GDPR.
13. Consent is most often in the form of an email or will be granted by an active step of the Subject, required in the email.
14. The Company may process personal data on the basis of consent for the duration of the provision of services. The processing period may be shorter if consent is withdrawn.
WITHDRAWAL OF CONSENT
15. The Subject may withdraw consent to the processing of personal data at any time by sending a request to the Company's registered office.the processing of personal data that occurred before the withdrawal of consent is lawful.
16. The consent granted also applies to the processors authorised by the Company.
17. The Company undertakes to secure personal data in accordance with Art. 32 GDPR. The Company declares that, as of the date of conclusion of the Agreement, the Company has adopted technical measures to ensure the security of personal data.
18. The parties are obliged to provide mutual cooperation in case of suspected misuse of personal data of Data Subjects. The Parties shall use their best endeavours and take such measures to avoid the risk of misuse of personal data.
FURTHER DATA PROTECTION PROVISIONS
19. The Company does not process personal data of children or special categories of personal data, so-called.sensitive personal data within the meaning of Art. 9 GDPR.
20. The Company shall always make every effort to prevent unauthorised processing of personal data by others, but shall not be liable to the Subject or others for any damage caused by unauthorised processing of personal data by a third party.
21. In the event that the Company becomes aware of a security risk associated with Personal Data, it will notify the Subject without undue delay.
22.the Company undertakes to provide the Subject with assistance and legal assistance in recovering compensation from the responsible processors in the event of a personal data leakage or other event that leads to the occurrence of damage. However, the Company itself shall not be liable for the misconduct of its commissioned processors.
23. The Subject acknowledges that he/she is fully responsible for the accuracy of the information provided to the Company. The subject confirms that the personal data provided are true, accurate and relate solely to his/her person or that he/she has provided data the use of which has not infringed the rights of third parties. The subject undertakes to always notify the Company of changes in personal data so that only up-to-date and complete data are processed, at the Company's request or without a request.
ASSISTANCE IN HANDLING PERSONAL DATA
24. The company processes personal data transparently, fairly and in accordance with legislative requirements.if the Subject believes that the Company is processing his/her personal data in violation of the protection of his/her private and personal life or in violation of the law, in particular if the personal data are inaccurate with regard to the purpose of their processing, he/she may:
- always ask the Company for an explanation or a copy of the personal data that the Company processes about the Subject;
- object to the processing for the purpose of legitimate interest;
- request information about the scope or manner of processing of the Subject's personal data;
- update or supplement inaccurate or incomplete personal data;
- request the deletion of personal data if they are not necessary for the purpose for which they were processed, if the consent to their processing has been withdrawn, if they were processed unlawfully, if they must be deleted to comply with a legal obligation, or if they were collected in connection with the offer of information society services;
- request the restriction of the processing of personal data.
The Subject is entitled to exercise the aforementioned rights in writing to the Company's registered office or by email to email@example.com. The Company shall respond to such information or requests within a reasonable period of time (not to exceed 30 days).
25. The subject also has the right to contact the Office for Personal Data Protection directly (www.uoou.com)
Data Protection Authority:
Colonel. Sochora 27
170 00 Prague 7
phone: +420 234 665 111
26.all private legal relations arising on the basis of or in connection with the processing of personal data are governed by the law of the Czech Republic, regardless of where access to them was made. The Czech courts shall have jurisdiction to resolve any disputes arising in connection with the protection of privacy between the Subject and the Company and shall apply Czech law.